Differences between revisions 1 and 41 (spanning 40 versions)
Revision 1 as of 2013-07-21 19:21:33
Size: 1007
Editor: 71-87-249-142
Comment:
Revision 41 as of 2021-08-18 23:18:29
Size: 4935
Editor: scot
Comment:
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
= CPTR 541 = ## page was renamed from AdvancedNetworkSecurity
= CPTR 444/544 Offensive Security =
Line 3: Line 4:
This page provides hints, insights and direction for the graduate class in Network Security. This page provides hints, insights and direction for the cross listed class in Offensive Security. As a graduate class I am not interested in just teaching you how to use tools to exploit systems. I also want you to be able to research new methods to exploit and protect systems. Consequently you will find a balance between learning about tools and known techniques and pushing the boundary to extend those techniques and create new tools for exploits and defense. Because of this, research is a big part of the graduate class. As we look at existing tools, we'll discuss what it does, how it works, and how to extend the functionality and research possibilities related to what we are learning.
Line 5: Line 6:
== Research Resources == {{https://images-ext-1.discordapp.net/external/92E0ySO0WvM8_OJJCZhqcBK1ss899tLWoUNBLs43HH8/https/imgs.xkcd.com/comics/voting_software.png}}
Line 7: Line 8:
When doing research it helps to know where to look. [[http://www.ieee-security.org/TC/SP-Index.html|Dr. Gu]] does a nice job of rating security conferences that you might want to research from. IEEE S & P and ACM's Conference on Computer and Communications Security top the list and are good candidates to watch. /NotesForNextClass
Line 9: Line 10:
'''Research Assignment''' == Weekly Routine ==
 1. Current Events Discussion / Research presentations (Keep it short!)
 1. Retrospective on previous assignment/work.
 1. Discuss/Lecture/Demonstrations of Upcoming Chapter(s)
 1. Discuss upcoming assignment.
Line 11: Line 16:
You will be required to find and present two peer-reviewed papers in this class. The first must introduce a new attack or attack technique. The second paper must deal with privacy issues inside the US. A third presentation presentation will be of your own research. You might implement a method of attach to provide new proof of concept code, or research specific activities related to personal privacy compromised by companies or governments that may be illegal in other countries or protected by the US constitution. == Current Events ==
All students are required to present the following:

 * Give a short overview of one security news items from the last week (keep it short!)
 * There will be a google docs document on eClass for this.

== Resources ==
 * [[http://www.pentest-standard.org/index.php/Main_Page|PTES - Penetration Testing Execution Standard]]
 * [[http://southern.libguides.com/databases|List of online databases available at Southern]]
 * [[http://scholar.google.com|Scholar on Google is always a good resource]]

== Graduate Research Assignment ==

Graduate students must write two papers and present research reviews each week.

=== Presenting Research Reviews of Peer-Reviewed Papers ===
Each week I would like ''graduate students'' to present a summary of a peer reviewed conference paper from an ACM/IEEE/Springer conference (You may also use other notable security conferences). Most topics are your choice, but you should pick papers related to your chosen topic to write on (see next). These should only be 10 minutes max including discussion. One presentation must introduce a new attack or attack technique. One presentation must deal with privacy issues inside the US. The other papers are up to you. You may choose to do the required topics during any regular class, however I recommend that you do them near the beginning.

=== Writing your own Research Paper ===
Graduate students must write two papers:

 1. Your first paper should be a survey paper that analyzes current and historically significant research of your particular topic and makes recommendations about use.
 1. Your second paper should be an implementation of a previously unimplemented idea or extension/application of some area you found interesting in your first paper.

'''Ideas:'''

 * You might implement a method of attach to provide new proof of concept code
 * Research specific activities related to personal privacy compromised by companies or governments that may be illegal in other countries or protected by the US constitution
 * Vulnerability monitoring system based on OSVDB and nvd.nist.gov – Create a system that monitors installed list of programs and alerts to new vulnerabilities listed in the above databases. This may be used as a tool to attack or defend systems.
 * An aspect of hacking, such as code-security analysis techniques and tools for various languages.
 * Report on a penetration test performed for a real (off-campus) company. This requires professor approval, so make sure to get it before you embark on a real pentest.

== Homework Assignments ==

Homework assignments are given on https://eclass.e.southern.edu

== Common Vocabulary and Acronyms ==
 * MITM = Man in the middle
 * Monetize = to convert into monetary value i.e. money.
 * ROE = Rules of Engagement

== Entertaining Links ==
 * [[http://insecure.org/stf/smashstack.html|Buffer Overflow example]]
 * /BufferOverFlowExample
 * /BufferOverFlowSolution
 * [[http://crackstation.net/hashing-security.htm|Nice discussion of Salting]]
 * [[http://toolbar.netcraft.com/site_report|Netcraft - shows information history of a site, interesting]]
 * Dr. A's [[/Kioptrix1Solution|Kioptrix 1 solution]] including adding a root user.

== Vulnerability Databases ==
 * [[http://nvd.nist.gov|National Vulnerability Database]]
 * [[http://cve.mitre.org/find/index.html|Common Vulnerabilities and Exposures (CVE)]]
 * [[http://www.rapid7.com/db/‎|Rapid7 Vulnerability Database]]
 * [[http://osvdb.org/‎|Open Source Vulnerability Database]]
 * [[http://www.securityfocus.com/vulnerabilities|Symantec Vulnerability Database]]
 * [[http://secunia.com/community/advisories/historic/|Secunia Vulnerability List]]

CPTR 444/544 Offensive Security

This page provides hints, insights and direction for the cross listed class in Offensive Security. As a graduate class I am not interested in just teaching you how to use tools to exploit systems. I also want you to be able to research new methods to exploit and protect systems. Consequently you will find a balance between learning about tools and known techniques and pushing the boundary to extend those techniques and create new tools for exploits and defense. Because of this, research is a big part of the graduate class. As we look at existing tools, we'll discuss what it does, how it works, and how to extend the functionality and research possibilities related to what we are learning.

https://images-ext-1.discordapp.net/external/92E0ySO0WvM8_OJJCZhqcBK1ss899tLWoUNBLs43HH8/https/imgs.xkcd.com/comics/voting_software.png

/NotesForNextClass

Weekly Routine

  1. Current Events Discussion / Research presentations (Keep it short!)
  2. Retrospective on previous assignment/work.
  3. Discuss/Lecture/Demonstrations of Upcoming Chapter(s)
  4. Discuss upcoming assignment.

Current Events

All students are required to present the following:

  • Give a short overview of one security news items from the last week (keep it short!)
  • There will be a google docs document on eClass for this.

Resources

Graduate Research Assignment

Graduate students must write two papers and present research reviews each week.

Presenting Research Reviews of Peer-Reviewed Papers

Each week I would like graduate students to present a summary of a peer reviewed conference paper from an ACM/IEEE/Springer conference (You may also use other notable security conferences). Most topics are your choice, but you should pick papers related to your chosen topic to write on (see next). These should only be 10 minutes max including discussion. One presentation must introduce a new attack or attack technique. One presentation must deal with privacy issues inside the US. The other papers are up to you. You may choose to do the required topics during any regular class, however I recommend that you do them near the beginning.

Writing your own Research Paper

Graduate students must write two papers:

  1. Your first paper should be a survey paper that analyzes current and historically significant research of your particular topic and makes recommendations about use.
  2. Your second paper should be an implementation of a previously unimplemented idea or extension/application of some area you found interesting in your first paper.

Ideas:

  • You might implement a method of attach to provide new proof of concept code
  • Research specific activities related to personal privacy compromised by companies or governments that may be illegal in other countries or protected by the US constitution
  • Vulnerability monitoring system based on OSVDB and nvd.nist.gov – Create a system that monitors installed list of programs and alerts to new vulnerabilities listed in the above databases. This may be used as a tool to attack or defend systems.
  • An aspect of hacking, such as code-security analysis techniques and tools for various languages.
  • Report on a penetration test performed for a real (off-campus) company. This requires professor approval, so make sure to get it before you embark on a real pentest.

Homework Assignments

Homework assignments are given on https://eclass.e.southern.edu

Common Vocabulary and Acronyms

  • MITM = Man in the middle
  • Monetize = to convert into monetary value i.e. money.
  • ROE = Rules of Engagement

Vulnerability Databases

OffensiveSecurity (last edited 2021-08-18 23:18:29 by scot)